diff --git a/src/Access/AccessControlManager.cpp b/src/Access/AccessControlManager.cpp index 62e9abfd996..e71720d14fb 100644 --- a/src/Access/AccessControlManager.cpp +++ b/src/Access/AccessControlManager.cpp @@ -114,7 +114,7 @@ private: AccessControlManager::AccessControlManager() - : MultipleAccessStorage(createStorages()), + : MultipleAccessStorage("user directories", createStorages()), context_access_cache(std::make_unique(*this)), role_cache(std::make_unique(*this)), row_policy_cache(std::make_unique(*this)), diff --git a/src/Access/DiskAccessStorage.cpp b/src/Access/DiskAccessStorage.cpp index 9aba8fb7939..d5c75947c25 100644 --- a/src/Access/DiskAccessStorage.cpp +++ b/src/Access/DiskAccessStorage.cpp @@ -296,7 +296,7 @@ namespace DiskAccessStorage::DiskAccessStorage() - : IAccessStorage("disk") + : IAccessStorage("local directory") { } diff --git a/src/Access/IAccessStorage.cpp b/src/Access/IAccessStorage.cpp index ffedfb038a4..874ae612034 100644 --- a/src/Access/IAccessStorage.cpp +++ b/src/Access/IAccessStorage.cpp @@ -432,14 +432,14 @@ Poco::Logger * IAccessStorage::getLogger() const void IAccessStorage::throwNotFound(const UUID & id) const { - throw Exception(outputID(id) + " not found in [" + getStorageName() + "]", ErrorCodes::ACCESS_ENTITY_NOT_FOUND); + throw Exception(outputID(id) + " not found in " + getStorageName(), ErrorCodes::ACCESS_ENTITY_NOT_FOUND); } void IAccessStorage::throwNotFound(EntityType type, const String & name) const { int error_code = EntityTypeInfo::get(type).not_found_error_code; - throw Exception("There is no " + outputEntityTypeAndName(type, name) + " in [" + getStorageName() + "]", error_code); + throw Exception("There is no " + outputEntityTypeAndName(type, name) + " in " + getStorageName(), error_code); } @@ -455,7 +455,7 @@ void IAccessStorage::throwIDCollisionCannotInsert(const UUID & id, EntityType ty { throw Exception( outputEntityTypeAndName(type, name) + ": cannot insert because the " + outputID(id) + " is already used by " - + outputEntityTypeAndName(existing_type, existing_name) + " in [" + getStorageName() + "]", + + outputEntityTypeAndName(existing_type, existing_name) + " in " + getStorageName(), ErrorCodes::ACCESS_ENTITY_ALREADY_EXISTS); } @@ -463,8 +463,8 @@ void IAccessStorage::throwIDCollisionCannotInsert(const UUID & id, EntityType ty void IAccessStorage::throwNameCollisionCannotInsert(EntityType type, const String & name) const { throw Exception( - outputEntityTypeAndName(type, name) + ": cannot insert because " + outputEntityTypeAndName(type, name) + " already exists in [" - + getStorageName() + "]", + outputEntityTypeAndName(type, name) + ": cannot insert because " + outputEntityTypeAndName(type, name) + " already exists in " + + getStorageName(), ErrorCodes::ACCESS_ENTITY_ALREADY_EXISTS); } @@ -473,7 +473,7 @@ void IAccessStorage::throwNameCollisionCannotRename(EntityType type, const Strin { throw Exception( outputEntityTypeAndName(type, old_name) + ": cannot rename to " + backQuote(new_name) + " because " - + outputEntityTypeAndName(type, new_name) + " already exists in [" + getStorageName() + "]", + + outputEntityTypeAndName(type, new_name) + " already exists in " + getStorageName(), ErrorCodes::ACCESS_ENTITY_ALREADY_EXISTS); } @@ -481,7 +481,7 @@ void IAccessStorage::throwNameCollisionCannotRename(EntityType type, const Strin void IAccessStorage::throwReadonlyCannotInsert(EntityType type, const String & name) const { throw Exception( - "Cannot insert " + outputEntityTypeAndName(type, name) + " to [" + getStorageName() + "] because this storage is readonly", + "Cannot insert " + outputEntityTypeAndName(type, name) + " to " + getStorageName() + " because this storage is readonly", ErrorCodes::ACCESS_STORAGE_READONLY); } @@ -489,7 +489,7 @@ void IAccessStorage::throwReadonlyCannotInsert(EntityType type, const String & n void IAccessStorage::throwReadonlyCannotUpdate(EntityType type, const String & name) const { throw Exception( - "Cannot update " + outputEntityTypeAndName(type, name) + " in [" + getStorageName() + "] because this storage is readonly", + "Cannot update " + outputEntityTypeAndName(type, name) + " in " + getStorageName() + " because this storage is readonly", ErrorCodes::ACCESS_STORAGE_READONLY); } @@ -497,7 +497,7 @@ void IAccessStorage::throwReadonlyCannotUpdate(EntityType type, const String & n void IAccessStorage::throwReadonlyCannotRemove(EntityType type, const String & name) const { throw Exception( - "Cannot remove " + outputEntityTypeAndName(type, name) + " from [" + getStorageName() + "] because this storage is readonly", + "Cannot remove " + outputEntityTypeAndName(type, name) + " from " + getStorageName() + " because this storage is readonly", ErrorCodes::ACCESS_STORAGE_READONLY); } } diff --git a/src/Access/MultipleAccessStorage.cpp b/src/Access/MultipleAccessStorage.cpp index 254c6c0658e..8f281f1c354 100644 --- a/src/Access/MultipleAccessStorage.cpp +++ b/src/Access/MultipleAccessStorage.cpp @@ -12,26 +12,10 @@ namespace ErrorCodes } -namespace -{ - template - String joinStorageNames(const std::vector & storages) - { - String result; - for (const auto & storage : storages) - { - if (!result.empty()) - result += ", "; - result += storage->getStorageName(); - } - return result; - } -} - - MultipleAccessStorage::MultipleAccessStorage( + const String & storage_name_, std::vector> nested_storages_) - : IAccessStorage(joinStorageNames(nested_storages_)) + : IAccessStorage(storage_name_) , nested_storages(std::move(nested_storages_)) , ids_cache(512 /* cache size */) { diff --git a/src/Access/MultipleAccessStorage.h b/src/Access/MultipleAccessStorage.h index fc652193d23..4f8ea22d342 100644 --- a/src/Access/MultipleAccessStorage.h +++ b/src/Access/MultipleAccessStorage.h @@ -13,7 +13,7 @@ class MultipleAccessStorage : public IAccessStorage public: using Storage = IAccessStorage; - MultipleAccessStorage(std::vector> nested_storages_); + MultipleAccessStorage(const String & storage_name_, std::vector> nested_storages_); const Storage * findStorage(const UUID & id) const; Storage * findStorage(const UUID & id); diff --git a/tests/integration/test_grant_and_revoke/test.py b/tests/integration/test_grant_and_revoke/test.py index 9900be4704e..92ffb78a1cb 100644 --- a/tests/integration/test_grant_and_revoke/test.py +++ b/tests/integration/test_grant_and_revoke/test.py @@ -200,8 +200,8 @@ def test_introspection(): assert expected_access2 in instance.query("SHOW ACCESS") assert instance.query("SELECT name, storage, auth_type, auth_params, host_ip, host_names, host_names_regexp, host_names_like, default_roles_all, default_roles_list, default_roles_except from system.users WHERE name IN ('A', 'B') ORDER BY name") ==\ - TSV([[ "A", "disk", "no_password", "{}", "['::/0']", "[]", "[]", "[]", 1, "[]", "[]" ], - [ "B", "disk", "no_password", "{}", "['::/0']", "[]", "[]", "[]", 1, "[]", "[]" ]]) + TSV([[ "A", "local directory", "no_password", "{}", "['::/0']", "[]", "[]", "[]", 1, "[]", "[]" ], + [ "B", "local directory", "no_password", "{}", "['::/0']", "[]", "[]", "[]", 1, "[]", "[]" ]]) assert instance.query("SELECT * from system.grants WHERE user_name IN ('A', 'B') ORDER BY user_name, access_type, grant_option") ==\ TSV([[ "A", "\N", "SELECT", "test", "table", "\N", 0, 0 ], diff --git a/tests/integration/test_role/test.py b/tests/integration/test_role/test.py index ce6e4e53512..667347be017 100644 --- a/tests/integration/test_role/test.py +++ b/tests/integration/test_role/test.py @@ -177,8 +177,8 @@ def test_introspection(): assert expected_access3 in instance.query("SHOW ACCESS") assert instance.query("SELECT name, storage from system.roles WHERE name IN ('R1', 'R2') ORDER BY name") ==\ - TSV([[ "R1", "disk" ], - [ "R2", "disk" ]]) + TSV([[ "R1", "local directory" ], + [ "R2", "local directory" ]]) assert instance.query("SELECT * from system.grants WHERE user_name IN ('A', 'B') OR role_name IN ('R1', 'R2') ORDER BY user_name, role_name, access_type, grant_option") ==\ TSV([[ "A", "\N", "SELECT", "test", "table", "\N", 0, 0 ], diff --git a/tests/integration/test_settings_profile/test.py b/tests/integration/test_settings_profile/test.py index 21fdac9da7a..71a1d9aca54 100644 --- a/tests/integration/test_settings_profile/test.py +++ b/tests/integration/test_settings_profile/test.py @@ -50,7 +50,7 @@ def test_smoke(): assert instance.query("SELECT value FROM system.settings WHERE name = 'max_memory_usage'", user="robin") == "100000001\n" assert "Setting max_memory_usage shouldn't be less than 90000000" in instance.query_and_get_error("SET max_memory_usage = 80000000", user="robin") assert "Setting max_memory_usage shouldn't be greater than 110000000" in instance.query_and_get_error("SET max_memory_usage = 120000000", user="robin") - assert system_settings_profile("xyz") == [[ "xyz", "disk", 1, 0, "['robin']", "[]" ]] + assert system_settings_profile("xyz") == [[ "xyz", "local directory", 1, 0, "['robin']", "[]" ]] assert system_settings_profile_elements(profile_name="xyz") == [[ "xyz", "\N", "\N", 0, "max_memory_usage", 100000001, 90000000, 110000000, "\N", "\N" ]] instance.query("ALTER SETTINGS PROFILE xyz TO NONE") @@ -58,7 +58,7 @@ def test_smoke(): assert instance.query("SELECT value FROM system.settings WHERE name = 'max_memory_usage'", user="robin") == "10000000000\n" instance.query("SET max_memory_usage = 80000000", user="robin") instance.query("SET max_memory_usage = 120000000", user="robin") - assert system_settings_profile("xyz") == [[ "xyz", "disk", 1, 0, "[]", "[]" ]] + assert system_settings_profile("xyz") == [[ "xyz", "local directory", 1, 0, "[]", "[]" ]] assert system_settings_profile_elements(user_name="robin") == [] # Set settings and constraints via CREATE USER ... SETTINGS PROFILE @@ -87,7 +87,7 @@ def test_settings_from_granted_role(): assert instance.query("SELECT value FROM system.settings WHERE name = 'max_memory_usage'", user="robin") == "100000001\n" assert instance.query("SELECT value FROM system.settings WHERE name = 'max_ast_depth'", user="robin") == "2000\n" assert "Setting max_memory_usage shouldn't be greater than 110000000" in instance.query_and_get_error("SET max_memory_usage = 120000000", user="robin") - assert system_settings_profile("xyz") == [[ "xyz", "disk", 2, 0, "[]", "[]" ]] + assert system_settings_profile("xyz") == [[ "xyz", "local directory", 2, 0, "[]", "[]" ]] assert system_settings_profile_elements(profile_name="xyz") == [[ "xyz", "\N", "\N", 0, "max_memory_usage", 100000001, "\N", 110000000, "\N", "\N" ], [ "xyz", "\N", "\N", 1, "max_ast_depth", 2000, "\N", "\N", "\N", "\N" ]] assert system_settings_profile_elements(role_name="worker") == [[ "\N", "\N", "worker", 0, "\N", "\N", "\N", "\N", "\N", "xyz" ]] @@ -108,13 +108,13 @@ def test_settings_from_granted_role(): assert instance.query("SHOW CREATE SETTINGS PROFILE xyz") == "CREATE SETTINGS PROFILE xyz SETTINGS max_memory_usage = 100000001 MAX 110000000, max_ast_depth = 2000 TO worker\n" assert instance.query("SELECT value FROM system.settings WHERE name = 'max_memory_usage'", user="robin") == "100000001\n" assert "Setting max_memory_usage shouldn't be greater than 110000000" in instance.query_and_get_error("SET max_memory_usage = 120000000", user="robin") - assert system_settings_profile("xyz") == [[ "xyz", "disk", 2, 0, "['worker']", "[]" ]] + assert system_settings_profile("xyz") == [[ "xyz", "local directory", 2, 0, "['worker']", "[]" ]] instance.query("ALTER SETTINGS PROFILE xyz TO NONE") assert instance.query("SHOW CREATE SETTINGS PROFILE xyz") == "CREATE SETTINGS PROFILE xyz SETTINGS max_memory_usage = 100000001 MAX 110000000, max_ast_depth = 2000\n" assert instance.query("SELECT value FROM system.settings WHERE name = 'max_memory_usage'", user="robin") == "10000000000\n" instance.query("SET max_memory_usage = 120000000", user="robin") - assert system_settings_profile("xyz") == [[ "xyz", "disk", 2, 0, "[]", "[]" ]] + assert system_settings_profile("xyz") == [[ "xyz", "local directory", 2, 0, "[]", "[]" ]] def test_inheritance(): @@ -125,9 +125,9 @@ def test_inheritance(): assert instance.query("SELECT value FROM system.settings WHERE name = 'max_memory_usage'", user="robin") == "100000002\n" assert "Setting max_memory_usage should not be changed" in instance.query_and_get_error("SET max_memory_usage = 80000000", user="robin") - assert system_settings_profile("xyz") == [[ "xyz", "disk", 1, 0, "[]", "[]" ]] + assert system_settings_profile("xyz") == [[ "xyz", "local directory", 1, 0, "[]", "[]" ]] assert system_settings_profile_elements(profile_name="xyz") == [[ "xyz", "\N", "\N", 0, "max_memory_usage", 100000002, "\N", "\N", 1, "\N" ]] - assert system_settings_profile("alpha") == [[ "alpha", "disk", 1, 0, "['robin']", "[]" ]] + assert system_settings_profile("alpha") == [[ "alpha", "local directory", 1, 0, "['robin']", "[]" ]] assert system_settings_profile_elements(profile_name="alpha") == [[ "alpha", "\N", "\N", 0, "\N", "\N", "\N", "\N", "\N", "xyz" ]] assert system_settings_profile_elements(user_name="robin") == [] diff --git a/tests/queries/0_stateless/01292_create_user.reference b/tests/queries/0_stateless/01292_create_user.reference index 775bbaa6a26..997a9504bb5 100644 --- a/tests/queries/0_stateless/01292_create_user.reference +++ b/tests/queries/0_stateless/01292_create_user.reference @@ -104,10 +104,10 @@ CREATE USER u2_01292 DEFAULT ROLE r1_01292, r2_01292 SETTINGS readonly = 1 CREATE USER u3_01292 HOST LIKE \'%.%.myhost.com\' DEFAULT ROLE r1_01292, r2_01292 CREATE USER u4_01292 HOST LIKE \'%.%.myhost.com\' DEFAULT ROLE r1_01292, r2_01292 -- system.users -u1_01292 disk plaintext_password {} [] ['localhost'] [] [] 1 [] [] -u2_01292 disk no_password {} [] [] [] ['%.%.myhost.com'] 0 [] [] -u3_01292 disk sha256_password {} ['192.169.1.1','192.168.0.0/16'] ['localhost'] [] [] 0 ['r1_01292'] [] -u4_01292 disk double_sha1_password {} ['::/0'] [] [] [] 1 [] ['r1_01292'] +u1_01292 local directory plaintext_password {} [] ['localhost'] [] [] 1 [] [] +u2_01292 local directory no_password {} [] [] [] ['%.%.myhost.com'] 0 [] [] +u3_01292 local directory sha256_password {} ['192.169.1.1','192.168.0.0/16'] ['localhost'] [] [] 0 ['r1_01292'] [] +u4_01292 local directory double_sha1_password {} ['::/0'] [] [] [] 1 [] ['r1_01292'] -- system.settings_profile_elements \N u1_01292 \N 0 readonly 1 \N \N \N \N \N u2_01292 \N 0 \N \N \N \N \N default diff --git a/tests/queries/0_stateless/01293_create_role.reference b/tests/queries/0_stateless/01293_create_role.reference index 0cba719af66..8d9a259ecf5 100644 --- a/tests/queries/0_stateless/01293_create_role.reference +++ b/tests/queries/0_stateless/01293_create_role.reference @@ -28,7 +28,7 @@ CREATE ROLE r2_01293 CREATE ROLE r1_01293 SETTINGS readonly = 1 CREATE ROLE r2_01293 SETTINGS readonly = 1 -- system.roles -r1_01293 disk +r1_01293 local directory -- system.settings_profile_elements \N \N r1_01293 0 readonly 1 \N \N \N \N \N \N r2_01293 0 \N \N \N \N \N default diff --git a/tests/queries/0_stateless/01294_create_settings_profile.reference b/tests/queries/0_stateless/01294_create_settings_profile.reference index 527ceea3dd7..0780a42ebed 100644 --- a/tests/queries/0_stateless/01294_create_settings_profile.reference +++ b/tests/queries/0_stateless/01294_create_settings_profile.reference @@ -42,11 +42,11 @@ CREATE SETTINGS PROFILE s2_01294 SETTINGS max_memory_usage = 6000000 TO r1_01294 CREATE SETTINGS PROFILE s3_01294 SETTINGS max_memory_usage = 6000000 TO r1_01294 CREATE SETTINGS PROFILE s4_01294 TO r1_01294 -- system.settings_profiles -s1_01294 disk 0 0 [] [] -s2_01294 disk 1 0 ['r1_01294'] [] -s3_01294 disk 1 0 ['r1_01294'] [] -s4_01294 disk 1 0 ['r1_01294'] [] -s5_01294 disk 3 1 [] ['r1_01294'] +s1_01294 local directory 0 0 [] [] +s2_01294 local directory 1 0 ['r1_01294'] [] +s3_01294 local directory 1 0 ['r1_01294'] [] +s4_01294 local directory 1 0 ['r1_01294'] [] +s5_01294 local directory 3 1 [] ['r1_01294'] -- system.settings_profile_elements s2_01294 \N \N 0 readonly 0 \N \N \N \N s3_01294 \N \N 0 max_memory_usage 5000000 4000000 6000000 1 \N diff --git a/tests/queries/0_stateless/01295_create_row_policy.reference b/tests/queries/0_stateless/01295_create_row_policy.reference index 2ed894c923e..6e3169b7fec 100644 --- a/tests/queries/0_stateless/01295_create_row_policy.reference +++ b/tests/queries/0_stateless/01295_create_row_policy.reference @@ -30,6 +30,6 @@ CREATE ROW POLICY p5_01295 ON db2.table2 FOR SELECT USING a = b CREATE ROW POLICY p1_01295 ON db.table FOR SELECT USING 1 TO ALL CREATE ROW POLICY p2_01295 ON db.table FOR SELECT USING 1 TO ALL -- system.row_policies -p1_01295 ON db.table p1_01295 db table disk (a < b) AND (c > d) 0 0 [] [] -p2_01295 ON db.table p2_01295 db table disk id = currentUser() 1 0 ['u1_01295'] [] -p3_01295 ON db.table p3_01295 db table disk 1 0 1 [] ['r1_01295'] +p1_01295 ON db.table p1_01295 db table local directory (a < b) AND (c > d) 0 0 [] [] +p2_01295 ON db.table p2_01295 db table local directory id = currentUser() 1 0 ['u1_01295'] [] +p3_01295 ON db.table p3_01295 db table local directory 1 0 1 [] ['r1_01295'] diff --git a/tests/queries/0_stateless/01297_create_quota.reference b/tests/queries/0_stateless/01297_create_quota.reference index b58d3f0f390..b637f4f3296 100644 --- a/tests/queries/0_stateless/01297_create_quota.reference +++ b/tests/queries/0_stateless/01297_create_quota.reference @@ -52,10 +52,10 @@ CREATE QUOTA q2_01297 FOR INTERVAL 1 day MAX errors = 5 CREATE QUOTA q1_01297 FOR INTERVAL 1 day TRACKING ONLY TO r1_01297 CREATE QUOTA q2_01297 FOR INTERVAL 1 day TRACKING ONLY TO r1_01297 -- system.quotas -q1_01297 disk ['user_name'] [] 0 ['r1_01297'] [] -q2_01297 disk [] [5259492] 0 ['r1_01297','u1_01297'] [] -q3_01297 disk ['client_key','user_name'] [5259492,15778476] 0 [] [] -q4_01297 disk [] [604800] 1 [] ['u1_01297'] +q1_01297 local directory ['user_name'] [] 0 ['r1_01297'] [] +q2_01297 local directory [] [5259492] 0 ['r1_01297','u1_01297'] [] +q3_01297 local directory ['client_key','user_name'] [5259492,15778476] 0 [] [] +q4_01297 local directory [] [604800] 1 [] ['u1_01297'] -- system.quota_limits q2_01297 5259492 0 100 11 1000 10000 1001 10001 2.5 q3_01297 5259492 0 \N \N 1002 \N \N \N \N diff --git a/tests/testflows/rbac/tests/errors.py b/tests/testflows/rbac/tests/errors.py index 0ca927b54e4..50004f03476 100755 --- a/tests/testflows/rbac/tests/errors.py +++ b/tests/testflows/rbac/tests/errors.py @@ -2,7 +2,7 @@ # Errors: not found -not_found = "Exception: There is no {type} `{name}` in [disk, users.xml]" +not_found = "Exception: There is no {type} `{name}` in user directories" def user_not_found_in_disk(name): return (192,not_found.format(type="user",name=name)) @@ -21,7 +21,7 @@ def row_policy_not_found_in_disk(name): # Errors: cannot_rename -cannot_rename = "Exception: {type} `{name}`: cannot rename to `{name_new}` because {type} `{name_new}` already exists in [disk]" +cannot_rename = "Exception: {type} `{name}`: cannot rename to `{name_new}` because {type} `{name_new}` already exists in local directory" cannot_rename_exitcode = 237 def cannot_rename_user(name,name_new): @@ -41,7 +41,7 @@ def cannot_rename_row_policy(name,name_new): # Errors: cannot insert -cannot_insert = "Exception: {type} `{name}`: cannot insert because {type} `{name}` already exists in [disk]" +cannot_insert = "Exception: {type} `{name}`: cannot insert because {type} `{name}` already exists in local directory" cannot_insert_exitcode = 237 def cannot_insert_user(name): @@ -62,10 +62,10 @@ def cannot_insert_row_policy(name): # Error: default is readonly default_readonly_exitcode = 239 -cannot_remove_default = "Exception: Cannot remove {type} `default` from [users.xml] because this storage is readonly" +cannot_remove_default = "Exception: Cannot remove {type} `default` from users.xml because this storage is readonly" def cannot_update_default(): - return (default_readonly_exitcode, "Exception: Cannot update user `default` in [users.xml] because this storage is readonly") + return (default_readonly_exitcode, "Exception: Cannot update user `default` in users.xml because this storage is readonly") def cannot_remove_user_default(): return (default_readonly_exitcode, cannot_remove_default.format(type="user"))